Computer users are often victimized by phishing attacks, in which they unknowingly provide personal and confidential information to malicious websites. Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Phishing attacks are commonly made by sending fraudulent emails or instant messages, and enticing users to click on a link and submit personal information to what appears to be a legitimate website.
Existing anti-phishing solutions use current, real-time data to determine whether a website that is requesting information is trustworthy. This type of information is often not available to these solutions until hours or days after a phishing site goes live. The delay arises because it often takes a period of time for a new phishing site to be discovered, and then for identifying information to be distributed to security software publishers and made available to their users. During this period, users may unknowingly expose their personal information to a malicious website without any warning from their installed anti-phishing solution. Once a phishing site is discovered, new protections are provided to anti-phishing solutions to ensure users are protected until the site is shut down. Once a site is shut down, the work required to build an assessment of the damage caused by the site is typically very time-consuming and prone to high error rates. These low-quality, slow-to-market damage reports lead to inaccurate trending and erroneous views of what data phishing sites are actually targeting.
It would be desirable to be able to create accurate damage reports of what information was actually compromised, for purposes such as damage assessment, trend tracking and profiling of suspected malicious websites.